Uix Page Builder Security & Risk Analysis

wordpress.org/plugins/uix-page-builder

Uix Page Builder is a design system that it is simple content creation interface.

100 active installs · v1.7.5 · PHP 5.6+ · WP 4.2+ · Updated Apr 24, 2025
Tags: builder, page-builder, pagebuilder, visual-builder, visual-composer
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Jan 20, 2025

Safety Verdict

Is Uix Page Builder Safe to Use in 2026?

Generally Safe

Score 99/100

Uix Page Builder has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 20, 2025 · Updated 11mo ago

Risk Assessment

The static analysis of uix-page-builder v1.7.5 reveals a generally good security posture, with a well-defined attack surface and robust use of nonces and capability checks for its entry points. The absence of unprotected AJAX handlers and REST API routes is a significant strength.

However, the analysis highlights a critical concern regarding SQL queries: 100% of them (one raw query in total) do not use prepared statements, which presents a significant risk of SQL injection. Additionally, while the majority of output is properly escaped (76%), the 24% that is not raises concerns about potential Cross-Site Scripting (XSS) vulnerabilities, especially given the plugin's history of a medium-severity XSS CVE. The single data flow with an unsanitized path also warrants attention as a potential avenue for exploitation.

The plugin's vulnerability history shows no currently unpatched CVEs but includes a past XSS vulnerability which, combined with the static analysis findings, suggests that careful attention to input sanitization and output escaping remains crucial. Overall, the plugin demonstrates good practices in access control but needs immediate attention to secure its database interactions and output handling.

Key Concerns

  • 100% of SQL queries do not use prepared statements
  • 24% of output is not properly escaped
  • 1 flow with unsanitized paths
  • 1 medium severity CVE in vulnerability history

Vulnerabilities: 1

Uix Page Builder Security Vulnerabilities

CVEs by Year

  • 2025: 1 CVE

Severity Breakdown

  • Medium: 1

1 total CVE

CVE-2025-24616 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Uix Page Builder <= 1.7.4 - Reflected Cross-Site Scripting

Jan 20, 2025 · Patched in 1.7.5 (33d)

Code Analysis
Analyzed Mar 16, 2026

Uix Page Builder Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (0 prepared)
  • Unescaped Output: 86 (278 escaped)
  • Nonce Checks: 14
  • Capability Checks: 13
  • File Operations: 9
  • External Requests: 2
  • Bundled Libraries: 1

Bundled Libraries

TinyMCE

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

76% escaped · 364 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

12 flows · 1 with unsanitized paths

uix_page_builder_page_ex_metaboxes_pagerbuilder_container_options (includes\admin\bulider\post-extensions-init.php:657)

Attack Surface

Uix Page Builder Attack Surface

Entry Points: 19
Unprotected: 0

AJAX Handlers 11

auth wp_ajax_uix_page_builder_createTempFilesToTheme_settings includes\admin\bulider\post-extensions-init.php:95
auth wp_ajax_uix_page_builder_delContentTemplate_settings includes\admin\bulider\post-extensions-init.php:133
auth wp_ajax_uix_page_builder_metaboxes_savetemp_settings includes\admin\bulider\post-extensions-init.php:190
auth wp_ajax_uix_page_builder_metaboxes_loadtemplist_settings includes\admin\bulider\post-extensions-init.php:299
auth wp_ajax_uix_page_builder_output_frontend_settings includes\admin\bulider\post-extensions-init.php:442
auth wp_ajax_uix_page_builder_metaboxes_loadtemp_settings includes\admin\bulider\post-extensions-init.php:471
auth wp_ajax_uix_page_builder_metaboxes_save_settings includes\admin\bulider\post-extensions-init.php:528
auth wp_ajax_uix_page_builder_saveLiveRender_settings includes\admin\bulider\visual-builder-init.php:338
auth wp_ajax_uix_page_builder_savePageTemplate_settings includes\admin\bulider\visual-builder-init.php:372
auth wp_ajax_uix_page_builder_publishLiveRender_settings includes\admin\bulider\visual-builder-init.php:398
auth wp_ajax_uix_page_builder_anchorlinks_save_settings includes\classes\class-menu-onepage.php:17

Shortcodes 8

[uix_pb_sections] includes\classes\class-frontend-render.php:54
[uix_pb_sections] includes\classes\class-frontend-render.php:56
[uix_pb_blog] includes\classes\module-shortcodes\class-module-blog.php:31
[uix_pb_map] includes\classes\module-shortcodes\class-module-googlemap.php:28
[uix_pb_instagram] includes\classes\module-shortcodes\class-module-instagram.php:27
[uix_pb_menu] includes\classes\module-shortcodes\class-module-menu.php:27
[uix_pb_sidebar] includes\classes\module-shortcodes\class-module-sidebar.php:31
[uix_pb_uix_products] includes\classes\module-shortcodes\class-module-uix_products.php:39

WordPress Hooks 53

action admin_enqueue_scripts helper\settings.php:23
action admin_enqueue_scripts includes\admin\bulider\post-extensions-init.php:12
action admin_init includes\admin\bulider\post-extensions-init.php:553
action admin_init includes\admin\bulider\post-extensions-init.php:636
action save_post includes\admin\bulider\post-extensions-init.php:837
action init includes\admin\bulider\visual-builder-init.php:14
action admin_init includes\admin\bulider\visual-builder-init.php:19
action admin_menu includes\admin\bulider\visual-builder-init.php:20
action admin_head includes\admin\bulider\visual-builder-init.php:21
action admin_head includes\admin\bulider\visual-builder-init.php:22
filter show_admin_bar includes\admin\bulider\visual-builder-init.php:31
action wp_head includes\admin\bulider\visual-builder-init.php:42
filter wp_insert_post_empty_content includes\admin\bulider\visual-builder-init.php:223
action wp_head includes\classes\class-frontend-render.php:16
action admin_init includes\classes\class-frontend-render.php:17
filter body_class includes\classes\class-frontend-render.php:18
filter excerpt_more includes\classes\class-get-excerpt.php:24
filter excerpt_more includes\classes\class-get-excerpt.php:26
filter excerpt_length includes\classes\class-get-excerpt.php:30
filter excerpt_more includes\classes\class-get-excerpt.php:111
filter excerpt_more includes\classes\class-get-excerpt.php:113
filter excerpt_length includes\classes\class-get-excerpt.php:117
action admin_init includes\classes\class-menu-onepage.php:16
action admin_head-nav-menus.php includes\classes\class-menu-onepage.php:18
action wp_head includes\classes\module-shortcodes\class-module-blog.php:16
action admin_init includes\classes\module-shortcodes\class-module-blog.php:17
action wp_head includes\classes\module-shortcodes\class-module-googlemap.php:16
action admin_init includes\classes\module-shortcodes\class-module-googlemap.php:17
action wp_enqueue_scripts includes\classes\module-shortcodes\class-module-googlemap.php:18
action wp_head includes\classes\module-shortcodes\class-module-instagram.php:16
action admin_init includes\classes\module-shortcodes\class-module-instagram.php:17
action wp_head includes\classes\module-shortcodes\class-module-menu.php:16
action admin_init includes\classes\module-shortcodes\class-module-menu.php:17
action wp_head includes\classes\module-shortcodes\class-module-sidebar.php:16
action admin_init includes\classes\module-shortcodes\class-module-sidebar.php:17
action wp_head includes\classes\module-shortcodes\class-module-uix_products.php:24
action admin_init includes\classes\module-shortcodes\class-module-uix_products.php:25
action wp_enqueue_scripts includes\uixpbform\init.php:40
action admin_enqueue_scripts includes\uixpbform\init.php:41
action admin_init includes\uixpbform\init.php:42
action admin_init includes\uixpbform\init.php:43
action admin_footer includes\uixpbform\init.php:44
action init uix-page-builder.php:76
action init uix-page-builder.php:77
action init uix-page-builder.php:78
action wp_enqueue_scripts uix-page-builder.php:80
action admin_init uix-page-builder.php:81
action admin_init uix-page-builder.php:82
action admin_init uix-page-builder.php:83
action admin_menu uix-page-builder.php:84
action admin_footer uix-page-builder.php:85
action wp_enqueue_scripts uix-page-builder.php:86
action plugins_loaded uix-page-builder.php:2225

Maintenance & Trust

Uix Page Builder Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 24, 2025
PHP min version: 5.6
Downloads: 15K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 100

Developer Profile

Uix Page Builder Developer Profile

UIUX Lab

6 plugins · 540 total installs

Trust score: 86
Avg Security Score: 97/100
Avg Patch Time: 32 days

Detection Fingerprints

How We Detect Uix Page Builder

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/uix-page-builder/js/uix-page-builder-plugins.js
  • /wp-content/plugins/uix-page-builder/add-ons/piechart/jquery.easypiechart.min.js
  • /wp-content/plugins/uix-page-builder/add-ons/muuri/muuri.min.js
  • /wp-content/plugins/uix-page-builder/js/uix-page-builder.js
  • /wp-content/plugins/uix-page-builder/css/uix-page-builder.css
  • /wp-content/plugins/uix-page-builder/css/uix-page-builder.min.css

Script Paths

  • /wp-content/plugins/uix-page-builder/js/uix-page-builder-plugins.js
  • /wp-content/plugins/uix-page-builder/add-ons/piechart/jquery.easypiechart.min.js
  • /wp-content/plugins/uix-page-builder/add-ons/muuri/muuri.min.js
  • /wp-content/plugins/uix-page-builder/js/uix-page-builder.js

Version Parameters

  • uix-page-builder/js/uix-page-builder-plugins.js?ver=
  • uix-page-builder/add-ons/piechart/jquery.easypiechart.min.js?ver=
  • uix-page-builder/add-ons/muuri/muuri.min.js?ver=
  • uix-page-builder/js/uix-page-builder.js?ver=
  • uix-page-builder/css/uix-page-builder.css?ver=

HTML / DOM Fingerprints

CSS Classes
uix-pb
HTML Comments
/** * Uix Page Builder ** Uix Page Builder is a design system that it is simple content creation interface.* @author UIUX Lab <uiuxlab@gmail.com>* Some of the easily confusing Variable Terms in the plugin:
Data Attributes
uix-page-builder
JS Globals
wp_theme_root_path